Skip to main content
 
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

A Smattering of Stars in Argentina's First "Who Has Your Back?" ISP Report

Quien datos 2017 og 3

It’s Argentina's turn to take a closer look at the practices of their local Internet Service Providers, and how they treat their customers’ personal data when the government comes knocking.

Argentina's ¿Quien Defiende Tus Datos? (Who Defends Your Data?) is a project of Asociación por los Derechos Civiles and the Electronic Frontier Foundation, and is part of a region-wide initiative by leading Iberoamerican digital rights groups to turn a spotlight on how the policies of...

Read More

We Still Need More HTTPS: Government Middleboxes Caught Injecting Spyware, Ads, and Cryptocurrency Miners

Sovereign keys

Last week, researchers at Citizen Lab discovered that Sandvine's PacketLogic devices were being used to hijack users' unencrypted internet connections, making yet another case for encrypting the web with HTTPS. In Turkey and Syria, users who were trying to download legitimate applications were instead served malicious software intending to spy on them. In Egypt, these devices injected money-making content into users' web traffic, including advertisements and cryptocurrency mining...

Read More

Offline/Online Project Highlights How the Oppression Marginalized Communities Face in the Real World Follows Them Online

Facebook censorship2

People in marginalized communities who are targets of persecution and violence—from the Rohingya in Burma to Native Americans in North Dakota—are using social media to tell their stories, but finding that their voices are being silenced online.

This is the tragic and unjust consequence of content moderation policies of companies like Facebook, which is deciding on a daily basis what can be and can’t be said and shown online. Platform censorship has ratcheted up in these times of...

Read More

Geek Squad's Relationship with FBI Is Cozier Than We Thought

Geek 1 1

Update: A Best Buy spokesperson confirmed to reporters that at least four Geek Squad employees received payments from the FBI.

After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit...

Read More

A Technical Deep Dive: Securing the Automation of ACME DNS Challenge Validation

Lets encrypt 3 0

Earlier this month, Let's Encrypt (the free, automated, open Certificate Authority EFF helped launch two years ago) passed a huge milestone: issuing over 50 million active certificates. And that number is just going to keep growing, because in a few weeks Let's Encrypt will also start issuing “wildcard” certificates—a feature many system administrators have been asking for.

What's A Wildcard Certificate?

In order to validate an HTTPS certificate, a user’s browser checks to make...

Read More

The False Teeth of Chrome's Ad Filter

Today Google launched a new version of its Chrome browser with what they call an "ad filter"—which means that it sometimes blocks ads but is not an "ad blocker." EFF welcomes the elimination of the worst ad formats. But Google's approach here is a band-aid response to the crisis of trust in advertising that leaves massive user privacy issues unaddressed. 

Last year, a new industry organization, the Coalition for Better Ads, published user research...

Read More

The False Teeth of Chrome's Ad Filter

Today Google launched a new version of its Chrome browser with what they call an "ad filter"—which means that it sometimes blocks ads but is not an "ad blocker." EFF welcomes the elimination of the worst ad formats. But Google's approach here is a band-aid response to the crisis of trust in advertising that leaves massive user privacy issues unaddressed. 

Last year, a new industry organization, the Coalition for Better Ads, published user research...

Read More

Let's Encrypt Hits 50 Million Active Certificates and Counting

In yet another milestone on the path to encrypting the web, Let’s Encrypt has now issued over 50 million active certificates. Depending on your definition of “website,” this suggests that Let’s Encrypt is protecting between about 23 million and 66 million websites with HTTPS (more on that below). Whatever the number, it’s growing every day as more and more webmasters and hosting providers use Let’s Encrypt to provide HTTPS on their websites by default.

Read More

The Revolution and Slack

Slack 1

UPDATE (2/16/18): We have corrected this post to more accurately reflect the limits of Slack's encryption of user data at rest. We have also clarified that granular retention settings are only available on paid Slack workspaces.

The revolution will not be televised, but it may be hosted on Slack. Community groups, activists, and workers in the United States are increasingly gravitating toward the popular collaboration tool to communicate and coordinate efforts. But many...

Read More

The CLOUD Act: A Dangerous Expansion of Police Snooping on Cross-Border Data

Cloud leaky 0

This week, Senators Hatch, Graham, Coons, and Whitehouse introduced a bill that diminishes the data privacy of people around the world.

The Clarifying Overseas Use of Data (CLOUD) Act expands American and foreign law enforcement’s ability to target and access people’s data across international borders in two ways. First, the bill creates an explicit provision for U.S. law enforcement (from a local police department to federal agents in Immigration and Customs...

Read More

Twilio Demonstrates Why Courts Should Review Every National Security Letter

Declassified folder og 0

The list of companies who exercise their right to ask for judicial review when handed national security letter gag orders from the FBI is growing. Last week, the communications platform Twilio posted two NSLs after the FBI backed down from its gag orders. As Twilio’s accompanying blog post documents, the FBI simply couldn’t or didn’t want to justify its nondisclosure requirements in court. This might be the starkest public example yet of why courts should be involved in reviewing NSL gag...

Read More

Keep Border Spy Tech Out of Dreamer Protection Bills

Border wall

UPDATE Feb. 14, 2018: Today, President Trump endorsed Sen. Grassley's bill on border and immigration issues (H.R. 2579). EFF opposes it. Like many of its predecessors, this bill would expand invasive surveillance on Americans and foreigners alike, with biometric screening, social media snooping, drones, and automatic license plates readers.

If Congress votes this month on legislation to protect Dreamers from deportation, any bill it considers should not...

Read More

How Congress’s Extension of Section 702 May Expand the NSA’s Warrantless Surveillance Authority

Nsa eagle 2

Last month, Congress reauthorized Section 702, the controversial law the NSA uses to conduct some of its most invasive electronic surveillance. With Section 702 set to expire, Congress had a golden opportunity to fix the worst flaws in the NSA’s surveillance programs and protect Americans’ Fourth Amendment rights to privacy. Instead, it reupped Section 702 for six more years.

But the bill passed by Congress and signed by the president, labeled S. 139, didn’t just extend Section...

Read More

Code Review Isn't Evil. Security Through Obscurity Is.

Icon security 2

On January 25th, Reuters reported that software companies like McAfee, SAP, and Symantec allow Russian authorities to review their source code, and that "this practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies." The article goes on to explain what source code review looks like and which companies allow source code reviews, and reiterates that "allowing Russia to review the source code may expose unknown vulnerabilities that could be...

Read More

ETICAS Releases First Ever Evaluations of Spanish Internet Companies' Privacy and Transparency Practices

Quien spain

It’s Spain's turn to take a closer look at the practices of their local Internet companies, and how they treat their customers’ personal data.

Spain's ¿Quien Defiende Tus Datos? (Who Defends Your Data?) is a project of ETICAS Foundation, and is part of a region-wide initiative by leading Iberoamerican digital rights groups to shine a light on Internet privacy practices in Iberoamerica. The report is based on EFF's annual Who Has Your Back? report, but adapted...

Read More

When Trading Track Records Means Less Privacy

Locational privacy

Sharing your personal fitness goals—lowered heart rates, accurate calorie counts, jogging times, and GPS paths—sounds like a fun, competitive feature offered by today’s digital fitness trackers, but a recent report from The Washington Post highlights how this same feature might end up revealing not just where you are, where you’ve been, and how often you’ve traveled there, but sensitive national security information.

According to The Washington Post report, the fitness tracking...

Read More

It's Time to Make Student Privacy a Priority

Last month, the Federal Trade Commission and the U.S. Department of Education held a workshop in Washington, DC. The topic was “Student Privacy and Ed Tech.” We at EFF have been trying to get the FTC to focus on the privacy risks of educational technology (or “ed tech”) for over two years, so we eagerly filed formal comments.

We’ve long been concerned about how technology impacts student privacy. As schools and classrooms become increasingly wired, and as schools put more digital...

Read More

ICE Accesses a Massive Amount of License Plate Data. Will California Take Action?

Sls header plain

The news that Immigrations & Customs Enforcement is using a massive database of license plate scans from a private company sent shockwaves through the civil liberties and immigrants’ rights community, who are already sounding the alarm about how mass surveillance will be used to fuel deportation efforts.

The concerns are certainly justified: the vendor, Vigilant Solutions, offers access to 6.5 billion data points, plus millions more collected by law enforcement agencies around...

Read More

EFF's Fight to End Warrantless Device Searches at the Border: A Roundup of Our Advocacy

EFF has been working on multiple fronts to end a widespread violation of digital liberty—warrantless searches of travelers’ electronic devices at the border. Government policies allow border agents to search and confiscate our cell phones, tablets, and laptops at airports and border crossings for no reason, without explanation or any suspicion of wrongdoing. It’s as if our First and Fourth Amendment rights don’t exist at the border. This is wrong, which is why we’re working to challenge...

Read More

Europe's GDPR Meets WHOIS Privacy: Which Way Forward?

Europe's General Data Protection Regulation (GDPR) will come into effect in May 2018, and with it, a new set of tough penalties for companies that fail to adequately protect the personal data of European users. Amongst those affected are domain name registries and registrars, who are required by ICANN, the global domain name authority, to list the personal information of domain name registrants in publicly-accessible WHOIS directories. ICANN and European registrars have clashed over this...

Read More

Google’s Advanced Protection Program Offers Security Options For High-Risk Users

Google security

Security is not a one-size-fits-all proposition, and features that are prohibitively inconvenient for some could be critical for others. For most users, standard account security settings options are sufficient protection against common threats. But for the small minority of users who might be targeted individually—like journalists, policy makers, campaign staff, activists, people with abusive exes, or victims of stalking—standard security options won’t cut it.

For those users,...

Read More

Dark Caracal: Good News and Bad News

Dark caracal 1

Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer those questions and dive further into the Dark Caracal report.

Read the full Dark Caracal report here

First, the good news: Dark...

Read More

An Open Letter to Our Community On Congress’s Vote to Extend NSA Spying From EFF Executive Director Cindy Cohn

Paglen nsa credit 1

Dear friends,

Today, the United States Congress struck a significant blow against the basic human right to read, write, learn, and associate free of government’s prying eyes. 

Goaded by those who let fear override democratic principles, some members of Congress shuttered public debate in order to pass a bill that extends the National Security Agency’s unconstitutional Internet surveillance for six years. 

This means six more years of warrantless surveillance under...

Read More

EFF to Supreme Court: Protect the Privacy of Cross-Border Data

Database 1

Update (April 17, 2018): In light of the passage of the CLOUD Act, the Supreme Court dismissed the case as moot and vacated the lower court rulings.

The Electronic Frontier Foundation urged the Supreme Court today to hold that Microsoft cannot be forced by the U.S. government to disclose the contents of users’ emails stored on the company’s computers in Dublin, Ireland.

The stakes for user privacy in the court’s decision are extremely high. Governments around the...

Read More

House Fails to Protect Americans from Unconstitutional NSA Surveillance

Nsa eagle 2

UPDATE, January 12, 2018: The Senate could vote Tuesday on a disastrous NSA surveillance extension bill that violates the Fourth Amendment. Click the link at the bottom of the page to email your Senator today and tell them to oppose bill S. 139.

The House of Representatives cast a deeply disappointing vote today to extend NSA spying powers for the next six years by a 256-164 margin. In a related vote, the House also failed to adopt meaningful reforms on how the government...

Read More
Close tooltip